[backport rh-test] [bugfix] fix auth service worker to handle cross-origin redirects to GCS (#6268)

Backport of #6265 to `rh-test` Automatically created by backport workflow. ┆Issue is synchronized with this [Notion page](https://www.notion.so/PR-6268-backport-rh-test-bugfix-fix-auth-service-worker-to-handle-cross-origin-redirects-to-G-2976d73d365081aba256c59948d0bf39) by [Unito](https://www.unito.io) Co-authored-by: Christian Byrne <cbyrne@comfy.org>
2026-02-02 22:37:32 +00:00 · 2025-10-25 10:42:42 +09:00
parent 1a019437ee
commit bed58a09c0
1 changed files with 21 additions and 3 deletions
--- a/public/auth-sw.js
+++ b/public/auth-sw.js
@@ -54,18 +54,36 @@ self.addEventListener('fetch', (event) => {
          headers.set(key, value)
        }

-        return fetch(
+        // Fetch with manual redirect to handle cross-origin redirects (e.g., GCS signed URLs)
+        const response = await fetch(
          new Request(event.request.url, {
            method: event.request.method,
            headers: headers,
-            mode: 'same-origin',
            credentials: event.request.credentials,
            cache: 'no-store',
-            redirect: event.request.redirect,
+            redirect: 'manual',
            referrer: event.request.referrer,
            integrity: event.request.integrity
          })
        )
+
+        // If redirected to external storage (GCS), follow without auth headers
+        // The signed URL contains its own authentication in query params
+        if (
+          response.type === 'opaqueredirect' ||
+          response.status === 302 ||
+          response.status === 301
+        ) {
+          const location = response.headers.get('location')
+          if (location) {
+            return fetch(location, {
+              method: 'GET',
+              redirect: 'follow'
+            })
+          }
+        }
+
+        return response
      } catch (error) {
        console.error('[Auth SW] Request failed:', error)
        return fetch(event.request)